Description

Parameters

Name of selected hashing algorithm (i.e. md5,
sha256, haval160,4, etc..) See
hash_algos() for a list of supported algorithms.

password

The password to use for the derivation.

salt

The salt to use for the derivation. This value should be generated randomly.

iterations

The number of internal iterations to perform for the derivation.

length

The length of the output string. If raw_output
is TRUE this corresponds to the byte-length of the derived key, if
raw_output is FALSE this corresponds to twice the
byte-length of the derived key (as every byte of the key is returned as
two hexits).

Sadly this function was added in PHP 5.5 but many webservers just provide PHP 5.3. But there exists a pure PHP implementation (found here: https://defuse.ca/php-pbkdf2.htm).I took this implementation, put it into a class with comments for PHPDoc and added a switch so that the native PHP function is used if available.

My main goals:1) Maximum compatibility with PHP hash_pbkdf2(), ie. a drop-in replacement function2) Minimum code size/bloat3) Easy to copy/paste4) No classes, and not encapsulated in a class! Why write a class when a simple function will do?5) Eliminate calls to sprintf(). (used by other examples for the error reporting)6) No other dependencies, ie. extra required functions

People who wants pure PHP implementation of the function, i.e. who don't have PHP 5.5 installed within their server, can use the following implementation. Nothing has been modified so far as from reference https://defuse.ca/php-pbkdf2.htm but the OOP lovers might like this.For more information about PBKDF2 see: http://en.wikipedia.org/wiki/PBKDF2

Note that if $raw_output is false, then the output will be encoded using lowercase hexits. Some other systems (such as Django 2.0) use base64 instead. So if you're trying to generate hash strings that are compatible with those systems, you can use the base64_encode function, like this: